<?php
ob_start();
require_once 'config.php';
require_once(ABSPATH.'inc/functions.php');
require_once('app_start.php');

$lAct = Request::getVar('lAct');

if ($lAct=='logout'){
    session_start();
    session_destroy();
   
   header("location:showBusiness.php");   
    
    
}else{ 
 // Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT id, username, password, accesslevel,firstname, lastname, email  FROM edf_users WHERE username='$myusername' and password='$mypassword'";
//echo   $sql; 
$result= Database::runSelectQuery($sql);
 
 var_dump($result)          ;
//  exit;
// Mysql_num_row is counting table row
$count=sizeof($result);
// If result matched $myusername and $mypassword, table row must be 1 row
 //echo '-------> '.$count;
 //exit;
 
if($count==1){   

     
    session_start();
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    $_SESSION['user_id']  = $result[0][0];
    $_SESSION['username']  = $result[0][1];
    $_SESSION['password']  = $result[0][2];
    $_SESSION['access']  = $result[0][3];
    $_SESSION['fname']  = $result[0][4];
    $_SESSION['lname']  = $result[0][5];
    $_SESSION['email']  = $result[0][6];
    $_SESSION['last_activity'] = time();
  //  header("location:index.php");
    header("location:showBusiness.php");
}else{
    
    header("location:login_page.php?msg=1");
}

ob_end_flush();
}
?>


